Suspicious — Risk Score 45/100
Last scan: 17 hr ago
sshot
Take full screen screenshot using PowerShell
The skill delegates execution to an opaque external PowerShell script that is not included in the package, creating an unauditable blind spot where undeclared behavior could occur without being detected.
Skill Name: sshot
Duration: 55.6s
Engine: pi
Use with caution
Do not deploy until the referenced PowerShell script at C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 is provided and audited. Verify that the script only captures screenshots and does not access sensitive paths, exfiltrate data, or execute undeclared commands, and pin the audited file's hash so that a later replacement at that path is detected before it runs.
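To make the audit above concrete, the following PowerShell is an added example and is not the package's own sshot.ps1 (which is absent). It shows, first, what a screenshot-only script needs to contain (Save-FullScreenshot), and second, a static check (Invoke-ScriptAudit) that parses a candidate sshot.ps1 with PowerShell's own parser and lists every command, .NET type, URL, sensitive-path literal, base64-looking blob and dynamic invocation it contains, so a reviewer can compare the real script against the declared behaviour. Both function names, the suspect lists and the output path are assumptions made here; the script path is the one named in SKILL.md.

```powershell
# Added example, not the package's sshot.ps1. Assumes Windows PowerShell 5.1 or
# PowerShell 7 on Windows (System.Drawing is Windows-only). Function names and the
# suspect lists below are this example's own choices.

function Save-FullScreenshot {
    # Everything a screenshot-only sshot.ps1 legitimately needs: GDI copy of the
    # virtual screen (all monitors) to a PNG. No network, no credential, no shell-out.
    param([Parameter(Mandatory)][string]$OutFile)
    Add-Type -AssemblyName System.Windows.Forms
    Add-Type -AssemblyName System.Drawing
    $bounds = [System.Windows.Forms.SystemInformation]::VirtualScreen
    $bmp = [System.Drawing.Bitmap]::new($bounds.Width, $bounds.Height)
    $gfx = [System.Drawing.Graphics]::FromImage($bmp)
    try {
        $gfx.CopyFromScreen($bounds.Location, [System.Drawing.Point]::Empty, $bounds.Size)
        $bmp.Save($OutFile, [System.Drawing.Imaging.ImageFormat]::Png)
    } finally {
        $gfx.Dispose(); $bmp.Dispose()
    }
    return $OutFile
}

function Invoke-ScriptAudit {
    # Static inventory of a candidate script via the PowerShell AST. Reports anything
    # that has no business in a screenshot utility. A clean report is necessary, not
    # sufficient: dynamic invocation is flagged precisely because it defeats static review.
    param([Parameter(Mandatory)][string]$Path)
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseFile($Path, [ref]$tokens, [ref]$errors)
    if ($errors.Count) { throw "Parse errors in ${Path}: $(($errors | ForEach-Object Message) -join '; ')" }

    $suspectCommands = @('Invoke-WebRequest','Invoke-RestMethod','iwr','irm','curl','wget',
        'Invoke-Expression','iex','Start-Process','saps','Invoke-Command','icm',
        'Get-Credential','Get-Clipboard','Send-MailMessage','Compress-Archive','Set-MpPreference')
    $suspectTypes = @('System.Net.','Net.WebClient','Net.Sockets','Net.Http',
        'Reflection.Assembly','Security.Cryptography.ProtectedData')
    $suspectPaths = @('\AppData\Local\Google\Chrome','\AppData\Roaming\Mozilla',
        '.ssh','.aws','.azure','.openclaw','Login Data','Credentials')

    $cmdAsts  = $ast.FindAll({ param($n) $n -is [System.Management.Automation.Language.CommandAst] }, $true)
    $commands = @($cmdAsts | ForEach-Object { $_.GetCommandName() } | Where-Object { $_ } | Sort-Object -Unique)
    $dynamic  = @($cmdAsts | Where-Object { -not $_.GetCommandName() })
    $types    = @($ast.FindAll({ param($n) $n -is [System.Management.Automation.Language.TypeExpressionAst] }, $true) |
                  ForEach-Object { $_.TypeName.FullName } | Sort-Object -Unique)
    $strings  = @($ast.FindAll({ param($n) $n -is [System.Management.Automation.Language.StringConstantExpressionAst] }, $true) |
                  ForEach-Object { $_.Value } | Sort-Object -Unique)

    $findings = @()
    foreach ($c in $commands) { if ($suspectCommands -contains $c) { $findings += "command: $c" } }
    foreach ($t in $types) { foreach ($s in $suspectTypes) { if ($t -like "*$s*") { $findings += "type: $t" } } }
    foreach ($str in $strings) {
        if ($str -match '^(https?|ftp|smb)://') { $findings += "url literal: $str" }
        if ($str -match '^[A-Za-z0-9+/]{80,}={0,2}$') { $findings += "base64-like blob (${str}.Length chars)" }
        foreach ($p in $suspectPaths) { if ($str -like "*$p*") { $findings += "sensitive path literal: $str" } }
    }
    if ($dynamic.Count) {
        $lines = ($dynamic | ForEach-Object { $_.Extent.StartLineNumber }) -join ','
        $findings += "dynamic invocation (& `$var / . `$var) at line(s): $lines"
    }

    [pscustomobject]@{
        Path     = $Path
        Commands = $commands
        Types    = $types
        Findings = @($findings | Sort-Object -Unique)
        Verdict  = if ($findings.Count) { 'REVIEW' } else { 'no static indicators' }
    }
}

# Usage (path as in SKILL.md; output path assumed):
#   Save-FullScreenshot -OutFile (Join-Path $env:TEMP 'sshot.png')
#   Invoke-ScriptAudit -Path 'C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1' | Format-List
```

Run Invoke-ScriptAudit against the script once it is supplied; a screenshot-only implementation should list roughly the commands and types used in Save-FullScreenshot and nothing under Findings. Any URL literal, System.Net type, Invoke-Expression, or dynamic invocation means the script does more than SKILL.md declares and must be read in full.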

Attack Chain (3 steps)

Entry Skill presents as a simple screenshot utility through SKILL.md
SKILL.md:1
Escalation Skill delegates execution to an opaque external script at C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 with -ExecutionPolicy Bypass, which suppresses PowerShell's execution-policy check for that invocation
SKILL.md:11
Impact External script is unauditable — could harvest credentials, exfiltrate data, or execute arbitrary commands without any record in the skill package
External: sshot.ps1

Findings (3 items)

Severity Finding Location
High
Critical script artifact not included in package (Doc Mismatch)
The SKILL.md declares behavior as 'take full screen screenshot' but delegates all implementation to an external PowerShell script (C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1) that is not included in this package. There is no source code, script, or dependency file to audit the actual behavior of the skill. The skill's true behavior is entirely opaque.
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File "C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1"
→ Require the sshot.ps1 script to be included in the package. Audit it for screenshot-only behavior, no network access, and no credential/sensitive file access.
SKILL.md:11
Medium
Hardcoded user-specific path in skill definition (Sensitive Access)
The script path references a specific Windows user profile (C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1). This indicates the skill was authored for a single machine rather than being portable, and it will fail on any host where that profile does not exist. Any process that can write to that profile directory can replace the script with malicious code, and the skill will run whatever is at that path.
C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1
→ Use a relative or configurable path for the script. Include the script in the package itself rather than referencing an external location.
SKILL.md:11
Medium
ExecutionPolicy Bypass weakens PowerShell security controls (Doc Mismatch)
The -ExecutionPolicy Bypass flag suppresses PowerShell's execution-policy check entirely: nothing is blocked and no warning is shown, regardless of whether the script is signed or carries a Mark-of-the-Web. Execution policy is a safety feature against accidental script execution rather than a hard security boundary, and the flag is common in automation, but it is neither mentioned nor justified in the documentation. Combined with the unauditable external script, this increases risk.
-ExecutionPolicy Bypass -File "C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1"
→ If -ExecutionPolicy Bypass is necessary, document why. Note that RemoteSigned only checks scripts carrying a Mark-of-the-Web, so a local sshot.ps1 would still run unsigned under it; prefer AllSigned with a signed script, or include the script inline so no policy needs to be bypassed.
SKILL.md:10
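The two medium findings share a fix: run the script only after checking that the file at the hardcoded path is the one that was audited, and let PowerShell enforce a signature rather than switching the check off. The following is an added example, not part of the skill package, assuming the SKILL.md path, a reviewer-supplied SHA-256 pin, and a code-signing certificate in Cert:\CurrentUser\My when signing is used; the function names Invoke-PinnedScript and Protect-ScriptWithSignature are this example's own.

```powershell
# Added example, not the skill's own launcher. Replaces
#   powershell.exe -ExecutionPolicy Bypass -File sshot.ps1
# with a hash pin plus signature check, then the strictest policy the file satisfies.
# Assumes: path from SKILL.md; $ExpectedSha256 filled in by the reviewer after audit.

function Invoke-PinnedScript {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256,
        [switch]$RequireSignature
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { throw "Script not present: $Path" }

    # 1. Content pin: anyone who can write to the profile directory can swap the file,
    #    but not without changing its hash.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "Hash mismatch for ${Path}: expected $ExpectedSha256, got $actual"
    }

    # 2. Mark-of-the-Web: RemoteSigned only inspects files carrying this stream, so a
    #    local script with no Zone.Identifier runs unsigned under RemoteSigned.
    $motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    Write-Verbose ('Zone.Identifier: ' + $(if ($motw) { $motw -join ' ' } else { 'absent (local file)' }))

    # 3. Authenticode: AllSigned makes PowerShell enforce this itself; checked explicitly
    #    here so the failure is reported before a child process is spawned.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($RequireSignature -and $sig.Status -ne 'Valid') {
        throw "Signature status '$($sig.Status)' for $Path"
    }

    # 4. Child process with the strictest policy the file satisfies; -ExecutionPolicy on
    #    the command line scopes the setting to this process only.
    $policy = if ($sig.Status -eq 'Valid') { 'AllSigned' } else { 'RemoteSigned' }
    & "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" `
        -NoProfile -NonInteractive -ExecutionPolicy $policy -File $Path
    return $LASTEXITCODE
}

function Protect-ScriptWithSignature {
    # Signs the audited script so AllSigned can be used. Signing appends a signature
    # block, so the hash pin must be taken AFTER this step.
    param([Parameter(Mandatory)][string]$Path)
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
    if (-not $cert) { throw 'No code-signing certificate in Cert:\CurrentUser\My' }
    Set-AuthenticodeSignature -FilePath $Path -Certificate $cert -HashAlgorithm SHA256
}

# Usage (after the script has been read and approved):
#   $p = 'C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1'
#   Protect-ScriptWithSignature -Path $p
#   $pin = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash   # record alongside the audit
#   Invoke-PinnedScript -Path $p -ExpectedSha256 $pin -RequireSignature
```

The hash pin is what actually closes the path-replacement finding; the signature check is what lets the Bypass flag go away. Without a code-signing certificate, keep the pin and run under RemoteSigned, accepting that the policy itself contributes nothing for a local file.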
Resource | Declared | Inferred | Status | Evidence
Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:11 - system.run on node
Filesystem | NONE | UNKNOWN | ✓ Aligned | External script sshot.ps1 not provided; behavior cannot be audited
Network | NONE | UNKNOWN | ✓ Aligned | External script sshot.ps1 not provided; network behavior cannot be audited

File Tree

3 files · 1.0 KB · 34 lines
Markdown: 2 files · 30 lines; JSON: 1 file · 4 lines
├─ 📁 clawhub
│ └─ 📝 SKILL.md Markdown 15L · 487 B
├─ 📋 meta.json JSON 4L · 69 B
└─ 📝 SKILL.md Markdown 15L · 487 B

Security Positives

✓ No base64-encoded payloads or obfuscated code found
✓ No direct credential harvesting loops over environment variables
✓ No curl|bash or wget|sh remote script fetching in visible files
✓ No evidence of reverse shell, C2, or data exfiltration in provided files
✓ The described behavior (taking a screenshot) is a legitimate, well-defined feature